Set dependabot cooldown #7490

Open
ShaharNaveh wants to merge 2 commits into RustPython:main from ShaharNaveh:dependabot-cooldown

@ShaharNaveh ShaharNaveh commented Mar 23, 2026

Suggested by zizmor and https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates#setting-up-a-cooldown-period-for-dependency-updates

Summary by CodeRabbit

  • Chores
    • Adjusted automated dependency update cooldowns for multiple package ecosystems (changes affect cargo, npm, and GitHub Actions).
    • This alters the cadence of background dependency update checks and notifications; no user-facing features or public APIs were changed.

coderabbitai bot commented Mar 23, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: c4c7a5b0-b5c9-4bd4-9e1a-8cd259b7351c

📥 Commits

Reviewing files that changed from the base of the PR and between 96f53c3 and 216bb37.

📒 Files selected for processing (1)
  • .github/dependabot.yml
✅ Files skipped from review due to trivial changes (1)
  • .github/dependabot.yml

Walkthrough

Adds cooldown settings to .github/dependabot.yml for cargo, npm, and github-actions ecosystems, specifying default-days: 7 and semver-specific delays (semver-major-days: 30, semver-minor-days: 7, semver-patch-days: 3) for cargo and npm; github-actions uses default-days: 7.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependabot configuration: .github/dependabot.yml | Inserted cooldown blocks: for cargo and npm set default-days: 7 with semver-major-days: 30, semver-minor-days: 7, semver-patch-days: 3; for github-actions set default-days: 7. No other settings changed. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

  • youknowone

Poem

🐰 I nibble code and count the days,

Seven, seven — slow the chase.
Thirty for breaks so major and grand,
Seven and three as updates land.
A hop, a pause — Dependabot's planned delight.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Set dependabot cooldown' directly and accurately describes the main change: adding cooldown policies to Dependabot configuration. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/dependabot.yml:
- Line 9: Update every occurrence of the dependabot configuration key
"default-days" in .github/dependabot.yml from 5 to at least 7 (e.g., 7 or 30) to
satisfy the cooldown policy; specifically locate the three "default-days: 5"
entries and change their values to 7 or higher so all occurrences use the
minimum required cooldown.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 272b6a82-2c06-4b6c-a02d-3571ff1326a5

📥 Commits

Reviewing files that changed from the base of the PR and between 8c01615 and 96f53c3.

📒 Files selected for processing (1)
  • .github/dependabot.yml
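
The review comment above asks that every default-days value in .github/dependabot.yml be at least 7. A small check for that rule follows as an added example; it is not code from this PR, RustPython or CodeRabbit. The function name audit_cooldown and the sample configuration are constructed for illustration, and the line scan assumes block-style YAML.

```python
import re

# Constructed sample, not the repository's file: one entry below the 7-day
# minimum, one compliant entry, one entry with no cooldown block at all.
SAMPLE = """\
version: 2
updates:
  - package-ecosystem: cargo
    directory: /
    schedule:
      interval: weekly
    cooldown:
      default-days: 5
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: weekly
    cooldown:
      default-days: 7
      semver-major-days: 30
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
"""

ENTRY = re.compile(r"^\s*-\s*package-ecosystem:\s*[\"']?([\w-]+)")
DEFAULT_DAYS = re.compile(r"^\s*default-days:\s*(\d+)\s*(?:#.*)?$")

def audit_cooldown(text, min_days=7):
    """Return (ecosystem, finding) pairs for entries with a missing or short cooldown.

    Hypothetical helper: a line scan that assumes block-style YAML where each
    update entry starts with its package-ecosystem key.
    """
    entries = []  # [ecosystem, default-days or None] per update entry
    for line in text.splitlines():
        if m := ENTRY.match(line):
            entries.append([m.group(1), None])
        elif (m := DEFAULT_DAYS.match(line)) and entries:
            entries[-1][1] = int(m.group(1))
    findings = []
    for eco, days in entries:
        if days is None:
            findings.append((eco, "no cooldown default-days"))
        elif days < min_days:
            findings.append((eco, f"default-days {days} is below {min_days}"))
    return findings

if __name__ == "__main__":
    for eco, finding in audit_cooldown(SAMPLE):
        print(f"{eco}: {finding}")
```

A CI job would parse the file with a YAML library before applying the same comparison, so that flow-style or quoted values are also covered.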

@ShaharNaveh ShaharNaveh added the skip:ci (Skip running the ci) label Mar 23, 2026